<!-- This page updates the current user's password. -->
<?php
//written by: Marcos Resendiz
// Start (or resume) the session so $_SESSION is available to the code below.
// NOTE(review): the HTML comment on the first line of this file is sent to the
// client before this call. Unless output buffering is enabled, PHP cannot emit
// the session cookie header once output has started - confirm the deployment
// config, or move that comment below this PHP block.
session_start();
// Project helpers. This page calls checkLogin(), writeHeader(), sqlConnect(),
// sqlQuery() and sqlExit(), none of which are defined in the visible part of
// this file.
require_once 'php_includes.php';
require_once 'time_functions.php';

//Make sure logged in
// NOTE(review): the password update further down trusts $_SESSION['tmsUserID'],
// so this call presumably stops the request for visitors who are not logged
// in - confirm in the include that defines it.
checkLogin();
?>  

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Payroll and Timesheet Management Website</title>
    <link rel="stylesheet" type="text/css" href="styles.css"/>
  </head>
  <body>
	<?php writeHeader(); ?>
	<p>
	<span class="pageheader">Add Employee Result</span><br/>
	<?php
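	// Handles the "change password" form: checks the caller's current password,
	// then stores the new one for the logged-in employee. Every outcome ends the
	// script with a short HTML message, as before.
	//
	// NOTE(review): EmployeePassword is read, compared and written as plaintext.
	// Moving to password_hash()/password_verify() has to be done together with
	// the login code and the existing rows, so it is flagged here, not changed.

	// Read the posted fields. Anything that is not a plain string (for example
	// an array sent as old_pass[]=x) is treated the same as a missing field, so
	// it can never reach the comparison or the SQL text below.
	$oldPass = (isset($_POST['old_pass']) && is_string($_POST['old_pass'])) ? $_POST['old_pass'] : '';
	$newPass = (isset($_POST['new_pass1']) && is_string($_POST['new_pass1'])) ? $_POST['new_pass1'] : '';

	// Reject an incomplete form before touching the database.
	if (empty($oldPass) || empty($newPass))
	{
		exit("<p><font color=red>ERROR!</font> Please fill in all fields of the Control Pannel! <br> Click <a href=\"controlpanel.php\">here</a> to go back.</p>");
	}

	//Establishes connection to the database
	sqlConnect();

	// Every value placed inside a quoted SQL literal is escaped first. The new
	// password is attacker-controlled request data; the employee id comes from
	// the session but is escaped as well so the query text never depends on how
	// it was stored.
	// NOTE(review): mysql_real_escape_string() escapes for the connection's
	// character set and assumes sqlConnect() opened the default ext/mysql link
	// with its charset set through mysql_set_charset() - TODO confirm. Bound
	// parameters (mysqli/PDO) would be the durable fix, but sqlQuery() only
	// takes a finished SQL string.
	$empId = mysql_real_escape_string($_SESSION['tmsUserID']);

	// Fetch the stored password for the logged-in employee.
	$sqlresult = sqlQuery("select EmployeePassword from Employee where EmployeeID = '$empId'");
	// A failed query or a missing row leaves nothing to compare against; treat
	// it as a wrong password instead of reading a cell that does not exist.
	$stored = ($sqlresult && mysql_num_rows($sqlresult) > 0) ? mysql_result($sqlresult, 0, 0) : false;

	// Strict comparisons throughout: with == / != PHP compares numeric-looking
	// strings by value ("1e3" == "1000"), which would accept a password that is
	// not the stored one.
	if ($stored === false || (string) $stored !== $oldPass)
	{
		//Verify that the user knows their old password
		$message = "<p><font color=red>ERROR!</font> You have entered an wrong Old Password! <br> Click <a href=\"controlpanel.php\">here</a> to go back.</p>";
	}
	elseif ($oldPass === $newPass)
	{
		//Old and new password must differ...they are changing it after all
		$message = "<p>Please choose a new password! <br> Click <a href=\"controlpanel.php\">here</a> to go back.</p>";
	}
	else
	{
		//Updates the users password
		$safePass = mysql_real_escape_string($newPass);
		$sqlUp = sqlQuery("update Employee set EmployeePassword = '$safePass' where EmployeeID = '$empId'");

		if (!$sqlUp)
		{
			$message = "Password Could not be updated.<br> Click <a href=\"controlpanel.php\">here</a> to go back.";
		}
		else
		{
			$message = "Password Updated Successfully.<br> Click <a href=\"main.php\">here</a> to go home.";
		}
	}

	//close DB
	// Done before exit() so the connection is released on every path.
	sqlExit();
	exit($message);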
	
	?> 

